Merge pull request #774 from mrtc0/report-comrak-xss
Add advisory on comrak XSS
Shnatsel authored Feb 21, 2021
2 parents 631d33d + 3aada4c commit 56d9690
Showing 1 changed file with 17 additions and 0 deletions.
17 changes: 17 additions & 0 deletions crates/comrak/RUSTSEC-0000-0000.md
@@ -0,0 +1,17 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "comrak"
date = "2021-02-21"
url = "https://github.com/kivikakk/comrak/releases/tag/0.9.1"
categories = ["format-injection"]
keywords = ["xss"]

[versions]
patched = [">= 0.9.1"]
```

# XSS in `comrak`

The [comrak](https://github.com/kivikakk/comrak) we were matching unsafe URL prefixes, such as `data:` or `javascript:` , in a case-sensitive manner. This meant prefixes like `Data:` were untouched.
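Review bot: the description sentence at the end of this hunk, "The [comrak](https://github.com/kivikakk/comrak) we were matching unsafe URL prefixes ...", is ungrammatical and leaves the subject unclear; suggest "The [comrak](https://github.com/kivikakk/comrak) crate matched unsafe URL prefixes, such as `data:` or `javascript:`, in a case-sensitive manner, so a mixed-case scheme like `Data:` was not filtered." It would also help readers triaging the advisory if the description said outright what the `[versions]` table implies, that the check is fixed in 0.9.1 (`patched = [">= 0.9.1"]`, with `url` pointing at the 0.9.1 release), and spelled out the consequence named in the title: a URL whose scheme differs only in case bypasses the unsafe-prefix filter, which is the XSS vector.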
